/*
 * Copyright (c) 2007-2008, Thomas Krause (tho.krause@gmail.com)
 * 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of gidoo nor the names of its contributors may be used to
 *       endorse or promote products derived from this software without specific
 *       prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package org.gidoo.cms.login;

import org.gidoo.cms.helper.Crypto;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.wicket.Request;
import org.apache.wicket.authentication.AuthenticatedWebApplication;
import org.apache.wicket.authentication.AuthenticatedWebSession;
import org.apache.wicket.authorization.strategies.role.Roles;
import org.gidoo.cms.GidooCMS;
import org.gidoo.cms.data.CMSSection;
import org.gidoo.cms.data.RegisteredUser;
import org.gidoo.cms.dbconnection.Persistance;

/**
 *
 * @author thomas
 */
public class GidooCMSAuthenticatedWebSession extends AuthenticatedWebSession
{
  
  public static final String ROLE_PUBLISHER = "PUBLISHER";
  public static final String ROLE_EDITOR = "EDITOR";
  
  /** The the user info of the user of the session (including login/ID). */
  private RegisteredUser userInfo;
    
  /**
   * Creates a new instance of GidooCMSAuthenticatedWebSession.
   * 
   * @param app The application.
   * @param request The request.
   */
  public GidooCMSAuthenticatedWebSession(final AuthenticatedWebApplication app, Request request)
  {
    super(app, request);
  }

  public boolean authenticate(final String username, final String password)
  {
    userInfo = null;
    boolean result = false;
    try
    {
      RegisteredUser tempUserInfo = ((GidooCMS) getApplication()).getDb().getUserByLogin(username);
      if(tempUserInfo != null)
      {
        String md5 = Crypto.calculateSHAHash(password);
      
        result = md5.equals(tempUserInfo.getPasswordHash());

        if(result)
        {
          userInfo = tempUserInfo;
          
        }
      }
    }
    catch(Exception ex)
    {
      userInfo = null;
      result = false;
      Logger.getLogger(GidooCMSAuthenticatedWebSession.class.getName()).log(Level.SEVERE, null, ex);
    }
    
    return result;
  }

  public Roles getRoles()
  {
    if(isSignedIn())
    {
      Roles r = new Roles();
      
      Collection<CMSSection> publish = userInfo.getSections_publish();
      Collection<CMSSection> edit = userInfo.getSections_edit();
      
      if(publish != null && publish.size() > 0)
      {
        r.add(ROLE_PUBLISHER);
      }

      if(edit != null && edit.size() > 0)
      {
        r.add(ROLE_EDITOR);
      }

      if(userInfo.getIsAdmin())
      {
        r.add(Roles.ADMIN);
      }
      
      return r;
    }
    
    return null;
  }

  public RegisteredUser getUserInfo()
  {
    return userInfo;
  }
  
  
  
}
